Date: Dec 6, 2023
Running head: ASSIGNMENT #4
Assignment #4
Wilkins Martinez Lopez
American Military University System
ISSC452
Professor Ahmad Salim
Assignment #4
Comparing and contrasting five different intrusion detection system (IDS) vendors can be
a lengthy and detailed process. Here, I'll provide a high-level overview of five well-known IDS
vendors: Snort, Suricata, Cisco, Palo Alto Networks, and McAfee, focusing on some key aspects
for comparison:
1. Open Source vs. Commercial:
   - Snort and Suricata are open-source IDS solutions, offering flexibility and community-driven development.
   - Cisco provides both open-source (Snort-based) and commercial IDS solutions, catering to different needs.
   - Palo Alto Networks and McAfee offer commercial IDS solutions with extensive support and additional features.
2. Ease of Use:
   - Snort and Suricata may require more configuration and expertise due to their open-source nature.
   - Cisco, Palo Alto Networks, and McAfee offer user-friendly interfaces and robust support for easier implementation.
3. Features and Integration:
   - Snort and Suricata are known for their network-based intrusion detection capabilities.
   - Cisco, Palo Alto Networks, and McAfee offer a wider range of security solutions, including firewalls, and have more extensive integration options.
4. Scalability:
   - Snort and Suricata can be scaled horizontally but may require more manual effort.
   - Cisco, Palo Alto Networks, and McAfee offer scalable solutions suitable for both small and large enterprises.
5. Support and Updates:
   - Snort and Suricata rely on community support, while commercial vendors like Cisco, Palo Alto Networks, and McAfee offer dedicated customer support and regular updates.
6. Cost:
   - Snort and Suricata are cost-effective options, primarily due to their open-source nature.
   - Cisco, Palo Alto Networks, and McAfee are commercial solutions with pricing structures that vary based on features and licensing.
7. Performance:
   - Suricata is often praised for its multithreading capabilities and high performance.
   - Cisco, Palo Alto Networks, and McAfee invest in hardware optimization for improved performance.
The choice of an IDS vendor depends on factors like budget, the need for additional
security features, ease of use, and the level of support required. Open-source solutions like Snort
and Suricata are cost-effective but may demand more technical expertise, while commercial
vendors like Cisco, Palo Alto Networks, and McAfee offer comprehensive packages with
user-friendly interfaces and extensive support. The decision should align with an organization's
specific security requirements and resources.